CN106462700B - Canceling request - Google Patents
Canceling request Download PDFInfo
- Publication number
- CN106462700B CN106462700B CN201480078315.6A CN201480078315A CN106462700B CN 106462700 B CN106462700 B CN 106462700B CN 201480078315 A CN201480078315 A CN 201480078315A CN 106462700 B CN106462700 B CN 106462700B
- Authority
- CN
- China
- Prior art keywords
- request
- cancellation
- job
- authorized
- job request
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Active
Links
- 238000012545 processing Methods 0.000 claims abstract description 99
- 238000003384 imaging method Methods 0.000 claims description 37
- 238000000034 method Methods 0.000 claims description 14
- 230000004044 response Effects 0.000 claims description 11
- 238000012795 verification Methods 0.000 claims description 3
- 238000013475 authorization Methods 0.000 abstract description 21
- 230000006870 function Effects 0.000 description 7
- 238000010586 diagram Methods 0.000 description 6
- 238000009434 installation Methods 0.000 description 4
- 230000008569 process Effects 0.000 description 4
- 230000009471 action Effects 0.000 description 2
- 230000008859 change Effects 0.000 description 2
- 230000000977 initiatory effect Effects 0.000 description 2
- 238000012015 optical character recognition Methods 0.000 description 2
- 239000007787 solid Substances 0.000 description 2
- 239000003795 chemical substances by application Substances 0.000 description 1
- 239000002131 composite material Substances 0.000 description 1
- 238000004883 computer application Methods 0.000 description 1
- 238000004590 computer program Methods 0.000 description 1
- 239000000463 material Substances 0.000 description 1
- 239000002184 metal Substances 0.000 description 1
- 229910052751 metal Inorganic materials 0.000 description 1
- 150000002739 metals Chemical class 0.000 description 1
- 230000006855 networking Effects 0.000 description 1
- 230000003287 optical effect Effects 0.000 description 1
- 239000004033 plastic Substances 0.000 description 1
- 229920003023 plastic Polymers 0.000 description 1
- 239000004065 semiconductor Substances 0.000 description 1
- 238000012360 testing method Methods 0.000 description 1
- 230000001052 transient effect Effects 0.000 description 1
- 239000002023 wood Substances 0.000 description 1
Images
Classifications
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/60—Protecting data
- G06F21/606—Protecting data by securing the transmission between two devices or processes
- G06F21/608—Secure printing
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/30—Authentication, i.e. establishing the identity or authorisation of security principals
- G06F21/44—Program or device authentication
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/50—Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
- G06F21/55—Detecting local intrusion or implementing counter-measures
- G06F21/554—Detecting local intrusion or implementing counter-measures involving event detection and direct action
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F3/00—Input arrangements for transferring data to be processed into a form capable of being handled by the computer; Output arrangements for transferring data from processing unit to output unit, e.g. interface arrangements
- G06F3/12—Digital output to print unit, e.g. line printer, chain printer
- G06F3/1201—Dedicated interfaces to print systems
- G06F3/1223—Dedicated interfaces to print systems specifically adapted to use a particular technique
- G06F3/1237—Print job management
- G06F3/1259—Print job monitoring, e.g. job status
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F3/00—Input arrangements for transferring data to be processed into a form capable of being handled by the computer; Output arrangements for transferring data from processing unit to output unit, e.g. interface arrangements
- G06F3/12—Digital output to print unit, e.g. line printer, chain printer
- G06F3/1201—Dedicated interfaces to print systems
- G06F3/1223—Dedicated interfaces to print systems specifically adapted to use a particular technique
- G06F3/1237—Print job management
- G06F3/1274—Deleting of print job
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F9/00—Arrangements for program control, e.g. control units
- G06F9/06—Arrangements for program control, e.g. control units using stored programs, i.e. using an internal store of processing equipment to receive or retain programs
- G06F9/30—Arrangements for executing machine instructions, e.g. instruction decode
- G06F9/38—Concurrent instruction execution, e.g. pipeline or look ahead
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F9/00—Arrangements for program control, e.g. control units
- G06F9/06—Arrangements for program control, e.g. control units using stored programs, i.e. using an internal store of processing equipment to receive or retain programs
- G06F9/46—Multiprogramming arrangements
- G06F9/48—Program initiating; Program switching, e.g. by interrupt
- G06F9/4806—Task transfer initiation or dispatching
- G06F9/4843—Task transfer initiation or dispatching by program, e.g. task dispatcher, supervisor, operating system
- G06F9/4881—Scheduling strategies for dispatcher, e.g. round robin, multi-level priority queues
Landscapes
- Engineering & Computer Science (AREA)
- Theoretical Computer Science (AREA)
- Software Systems (AREA)
- Physics & Mathematics (AREA)
- General Engineering & Computer Science (AREA)
- General Physics & Mathematics (AREA)
- Computer Security & Cryptography (AREA)
- Computer Hardware Design (AREA)
- General Health & Medical Sciences (AREA)
- Health & Medical Sciences (AREA)
- Bioethics (AREA)
- Human Computer Interaction (AREA)
- Facsimiles In General (AREA)
- Image Processing (AREA)
Abstract
Examples disclosed herein relate to requesting authorization and authentication. Examples include intercepting a request from a processing pipeline of a device. The device will determine whether the request is authorized and authentic. If the request is not authorized or authenticated, the device will generate a cancellation request. The device will provide a cancel request to the processing pipeline of the device.
Description
Background
Protection of data from unauthorized access is desired. Various methods have been developed for preventing access to electronic documents. In some examples, access to the printing device and the scanning device is restricted to prevent data loss.
Drawings
The following detailed description refers to the accompanying drawings in which:
FIG. 1 is a block diagram of an example computing device to generate a cancellation request in the device;
FIG. 2 is a block diagram of an example system to provide a cancel request to an imaging device; and
FIG. 3 is a flow diagram of an example method for providing a cancel request.
Detailed Description
As used herein, a "request" (or "request") is an instruction (i.e., a command) that is executable by a computing device to perform at least one function in the computing device. A "computing device" or "device" may be a desktop computer, a laptop (or notebook) computer, a workstation, a tablet computer, a mobile phone, a smart device, a server, a blade chassis, an imaging device, or any other processing device or equipment. For example, the request may be an instruction to analyze data, change a setting of the computing device, provide data to the second device, store data, and so on. As used herein, a "job request" is an instruction (i.e., a command) that is executable by a computing device to perform at least one function in an image forming device. An "imaging device" may be a hardware device, such as a printer, scanner, photocopier, multifunction printer (MFP), or any other device having functionality to physically produce, scan, or copy graphical representation(s) (e.g., text, images, models, etc.) on paper, photopolymers, thermopolymers, plastics, composites, metals, wood, etc. In some examples, the MFP may be capable of performing a combination of a plurality of different functions, such as, for example, printing, photocopying, scanning, faxing, and the like. For example, the function related to the imaging device may be to restart the imaging device, overhaul the imaging device, upgrade firmware, retrieve consumable level information, clone features, adjust security settings, perform tests, perform device discovery, change trap events, retrieve scans, perform print requests, perform photocopy requests, clear reminders, and the like.
As used herein, "authenticate" or "authenticating" refers to a determination of the origin and integrity of a request. For example, the request may be authenticated by verifying a digital signature in the request. A "digital signature" may be a scheme for demonstrating the authenticity of a request. A valid digital signature may indicate that the request was created by a known sender and that the message was not changed in transit. As used herein, "authorize" and "authorizing" refers to requesting a determination provided by an authorized sender. For example, the request is sent from a device authorized to interact with the computing device. The determination that the request is authorized may be provided by an authorized device by verifying that the digital signature of the request. An "authorized device" can be any device that is authorized to perform an action in accordance with a data processing policy.
Preventing data loss caused by accidental or intentional actions that violate data handling policies is a goal of any networking environment. Data processing protocols have been developed that provide access to authorized persons and devices. However, the data processing protocol may not prevent loss of data through the imaging device. For example, some image forming devices may be unable to determine whether a job request satisfies a data processing policy due to limited processing resources. In other examples, time constraints in the image forming device that determine whether job requests satisfy data processing policies may reduce print speed to unacceptable levels. In such examples, a second device (e.g., an authorization device) in the networked environment may be used to determine whether the job request satisfies the data processing policy prior to outputting the job request from the imaging device. The authorization device may provide only authorized and authentic job requests to the image forming device, and the image forming device may be instructed to accept only requests from the authorization device. However, an authenticated and authorized job request may be intercepted en route to the image forming apparatus and changed before being received by the image forming apparatus. In another example, an imaging device may receive a job request that has not been approved by an authorized device or an intermediate device (e.g., a dump server) in a networked environment.
To address these issues, in the examples described herein, the device may determine whether the request is authentic and authorized. For example, the authorizing device may provide a digital signature to the request to express that the request satisfies the data processing policy. In such examples, a device (e.g., an imaging device) may remove or intercept a request from a processing pipeline of the device to perform the determination. If the request is determined to be authentic and authorized, it may be provided to the device's processing pipeline for processing. If the request is determined to be unauthorized or not authentic, the device may generate a cancellation request and provide the cancellation request to the processing pipeline of the device. In another example, the device may provide the cancel request directly to a status block of the device. In such an example, the cancel request log may be recorded in the image forming apparatus. In such examples, the device may further provide the request to another device when generating the cancellation request. In such examples, the second device may analyze the rejected request, e.g., to identify any violations of the data processing policy. In this manner, examples described herein may significantly reduce processing resources utilized in processing unauthorized and/or unrealistic jobs in a device.
Referring now to the drawings, FIG. 1 is a block diagram of an example computing device 100 to provide a cancel request in a device. In the example of fig. 1, computing device 100 includes a processing resource 110 and a machine-readable storage medium 120, the machine-readable storage medium 120 including (e.g., encoded with) instructions 122, 124, 126, 128, and 130 that are executable by the processing resource 110. In some examples, storage medium 120 may include additional instructions. In some examples, instructions 122, 124, 126, 128, and 130, as well as any other instructions described herein with respect to storage medium 120, may be stored on a machine-readable storage medium that is remote from, but accessible to, computing device 100 and processing resource 110 (e.g., via a computer network). In some examples, instructions 122, 124, 126, 128, and 130 may be instructions of a computer program, a computer application (app), an agent, etc. of computing device 100. In other examples, the functionality described herein with respect to instructions 122, 124, 126, 128, and 130 may be implemented as an engine, including any combination of hardware and programming to implement the functionality of the engine, as described below.
In examples described herein, a processing resource may include, for example, one processor or multiple processors included in a single computing device (as shown in fig. 1) or distributed across multiple computing devices. The "processor" may be at least one of: a Central Processing Unit (CPU), a semiconductor-based microprocessor, a Graphics Processing Unit (GPU), a Field Programmable Gate Array (FPGA) to retrieve and execute instructions, other electronic circuitry suitable for retrieval and execution of instructions stored on a machine-readable storage medium, or a combination thereof. The processing resource 110 may retrieve, decode, and execute instructions stored on the storage medium 120 to perform the functions described below. In other examples, the functionality of any instructions of storage medium 120 may be implemented in the form of electronic circuitry, in the form of executable instructions encoded on a machine-readable storage medium, or a combination thereof.
As used herein, a "machine-readable storage medium" may be any electronic, magnetic, optical, or other physical storage device that can contain or store information such as executable instructions, data, and the like. For example, any of the machine-readable storage media described herein may be any or a combination of Random Access Memory (RAM), volatile memory, non-volatile memory, flash memory, a storage drive (e.g., a hard drive), a solid-state drive, any type of storage disk (e.g., a compact disk, a DVD, etc.), and the like. Further, any of the machine-readable storage media described herein may be non-transitory.
In the example of fig. 1, instructions 122 may actively obtain (e.g., retrieve, etc.) or passively obtain (e.g., receive, etc.) request 105 in computing device 100. In some examples, the request 105 may be a job request of the imaging device. In an example, computing device 100 may be any device to obtain, process, and execute requests.
In instructions 124, the computing device 100 may intercept the request 105 from a processing pipeline of the computing device 100. As used herein, a "processing pipeline" refers to any firmware, hardware, software, or any combination thereof to process and execute the request 105 or any other request normally received in the computing device 100. In some examples, the computing device 100 may intercept the request 105 by capturing the request 105 before it enters the processing pipeline of the computing device 100. In other examples, computing device 100 may remove request 105 from the processing pipeline and computing device 100 may return to the processing pipeline at instruction 130. In some examples, the intercepted request 105 may be transmitted to a second device and/or a storage location of the computing device 100 that is not part of the processing pipeline. For example, the request 105 may be stored in a transient location in the machine-readable storage medium 120 of the computing device 100.
In instruction 126, computing device 100 may determine whether request 105 is authentic and authorized. If the request 105 is determined to be authentic and authorized, the request 105 may be provided to a processing pipeline of the computing device 100. In an example, the computing device 100 may determine that the request 105 is authentic and authorized in the processing pipeline. In other examples, computing device 100 may determine that request 105 is authentic and authorized outside of the processing pipeline. In some examples, computing device 100 may determine whether request 105 is authentic and authorized by verifying the digital signature of request 105.
In some examples, the digital signature may be applied to the request 105 by the device or an authorized device. As used herein, an "authorized device" may be a device that determines whether a request can be satisfied by computing device 100, and may be a dedicated device, machine-readable instructions on a device, or a service operating on multiple devices (e.g., a web service, cloud service, local service, server, etc.). For example, the authorizing device can evaluate the content of the request 105, metadata (e.g., owner, date, time, etc.), and the like, in accordance with a data processing policy. In some implementations, the data processing policies may include a set of individual policies that limit which materials are allowed for processing, e.g., by individual/role, set of job metadata and/or content, particular imaging devices and their capabilities, location, restricted access and/or security (e.g., documents may be allowed to be printed when a particular person is near an imaging device), date/time (e.g., document types may be allowed to be printed only during office hours), etc. When the request 105 is determined to satisfy the data processing policy, the authorizing device may provide a digital signature to the request 105. In other examples, a digital signature may be applied to job request 105 by the originating device of request 105. In such examples, the initiating device of the request 105 may receive a digital signature or instructions from the authorizing device to apply the digital signature to the request 105. For example, the request 105 may be a job request from a laptop computer with a digital signature provided by an authorization device (e.g., an authorization service). In such examples, the authorization server may apply a digital signature to the job request or may instruct the laptop to apply a digital signature to the job request.
In an example, the job request may be a copy request from an image forming apparatus. In such examples, the imaging device may scan and store the copy request in the imaging device without generating a physical copy of the document. The image forming apparatus may provide the scanned copy request to an authorization server to determine whether the job request satisfies a data processing policy. For example, if the image forming apparatus is an authorized apparatus and the individual requesting the copy request is an authorized user, the authorization server may determine that the copy satisfies the data processing policy. In another example, the authorization server may determine that the copy request satisfies the data processing policy if the content of the copy request is allowed to be copied. In some examples, the authorization server may extract text and images from the copy request, perform Optical Character Recognition (OCR), search keywords, classify the text and/or images, and determine whether the copy request satisfies a data processing policy. If the authorization server determines that the copy request satisfies the data processing policy, the authorization server may instruct the imaging device to make a physical copy of the document by providing a digital signature. In another example, the job request may be a scan request from an image forming apparatus. In such examples, the authorization server may determine that the scan request satisfies the data processing policy as described above, and may instruct the imaging device to transmit the scanned image of the document to the destination if the document satisfies the data processing policy.
In another example, the job request may be a print request from the initiating device to the image forming device. In such examples, the authorization server may receive the print request from the originating device and determine whether the print request satisfies the data processing policy as described above. In some examples, the authorization server may provide a digital signature to the print request and forward the print request to the imaging device. In other examples, the authorization server may generate an authorization signature and instruct the originating device to add a digital signature to the print request when the print request is determined to satisfy the data processing policy. The imaging device may then receive the print request with the digital signature for processing. In such examples, computing device 100 may intercept the print job request as discussed above with respect to instructions 124. Computing device 100 may determine that the print request is authentic and authorized through digital signature verification. In such examples, if the digital signature is determined to be valid (and generated by the authorizing device), computing device 100 may provide the print request to the processing pipeline of the imaging device and the imaging device may generate the document.
In instructions 128, computing device 100 may generate cancellation request 107 in response to a determination that request 105 is not authentic or authorized. For example, the computing device 100 may determine that the request 105 is not authentic or authorized when the digital signature is missing, corrupted, determined not to be valid, etc. As used herein, a "cancel request" may be a request to indicate that the request 105 has been cancelled or will not be processed, and may include identification information of the request 105. In an example, the cancel request 107 may include an instruction (i.e., a command) to cancel or terminate processing of the request 105. In some examples, the cancellation request 107 may include a cancellation reason to identify why the request 105 is not authorized or authentic. In such examples, the cancellation request may include at least one of an instruction to display a cancellation reason on the device, log the cancellation reason in the device, print the cancellation reason, and provide the cancellation reason to the second device. For example, the cancel request 107 may include a cancel reason and an instruction to display the cancel reason on the device. In another example, the cancel request 107 may be logged in a log of the device or a status area of the device. In some examples, the cancel request 107 may include a wrapper (wrapper) of the request. For example, if the request 105 is a job request that includes a wrapper in a print job language ("PJL"), the cancel request 107 of the job request may include at least one of a PJL wrapper, a cancel reason, and an instruction to display the cancel reason on the device, log the cancel reason in the device, print the cancel reason, and provide the cancel reason to the second device. In such examples, identification information about the job request may be extracted from the wrapper of the job request and provided as part of the cancellation reason. In another example, the cancellation request may include a job request such that a subsequent security analysis may be performed on the cancellation request by the second device.
In instructions 130, computing device 100 may provide cancellation request 107 to a processing pipeline of computing device 100. In an example, the processing pipeline of the computing device 100 may process the cancellation request 107 according to instructions provided therein. In an example, the cancel request 107 may be generated in the image forming apparatus in response to a determination that the job request is not authentic or authorized. In such examples, the cancel request 107 may be provided to the processing pipeline of the image forming device before the job request enters the processing pipeline because the job request is intercepted from entering the processing pipeline, as described above with respect to instruction 124. In another example, the cancel request 107 may be provided to a state component of the computing device 100 without entering the processing pipeline in accordance with the cancel request 107. For example, when the cancellation request 107 includes the identification information of the request 105 and an instruction to display a reason for cancellation, the computing device 100 may provide the cancellation request 107 to a display of the computing device 100 without entering a processing pipeline of the computing device 100.
In some examples, instructions 122, 124, 126, 128, and 130 may be part of an installation package that, when installed, may be executed by processing resource 110 to implement the functionality described herein with respect to instructions 122, 124, 126, 128, and 130. In such examples, storage medium 120 may be a portable medium, such as a CD, DVD, flash drive, or memory maintained by a computing device from which an installation package may be downloaded and installed. In other examples, instructions 122, 124, 126, 128, and 130 may be part of an application, multiple applications, or component that has been installed on computing device 100 that includes processing resource 110. In such examples, storage medium 120 may include memory such as a hard drive, solid state drive, or the like. In certain examples, the functionality described herein with respect to fig. 1 may be provided in combination with the functionality described herein with respect to any of fig. 2-3.
Fig. 2 is a block diagram of an example system 200 to provide a cancel request 207 to an imaging device 220. In the example of fig. 2, system 200 includes at least engines 212, 214, and 216, which may be any combination of hardware and programming to implement the functionality of the engines. In the examples described herein, such a combination of hardware and programming can be implemented in a number of different ways. For example, programming for the engine may be processor-executable instructions stored on a non-transitory machine-readable storage medium, and hardware for the engine may include processing resources to execute those instructions. In such examples, a machine-readable storage medium may store instructions that, when executed by a processing resource, implement engines 212, 214, and 216. In such examples, system 200 may include a machine-readable storage medium that stores instructions and a processing resource to execute the instructions, or the machine-readable storage medium may be separate but accessible to system 200 and the processing resource.
In some examples, the instructions may be part of an installation package that, when installed, may be executed by the processing resource to implement at least the engines 212, 214, and 216. In such examples, the machine-readable storage medium may be a portable medium, such as a CD, DVD, or flash drive, or a memory maintained by a computing device from which the installation package may be downloaded and installed. In other examples, the instructions may be part of an application, a plurality of applications, or a component that has been installed on the system 200 that includes the processing resource. In such examples, the machine-readable storage medium may include memory such as a hard drive, a solid state drive, and so forth. In other examples, the functionality of any engine of system 200 may be implemented in the form of electronic circuitry.
In the example of FIG. 2, job request engine 212 may obtain job request 205 in a computing device. Job request engine 212 may include instructions to intercept job request 205 from processing pipeline 222 of image forming device 220, as described above with respect to FIG. 1. In some examples, job request engine 212 may be an input output (I/O) filter or more than one I/O filter of an imaging device. In an example, an I/O filter of job request engine 212 may be placed in a first location of a filter pipeline of an imaging device to ensure that job request 205 is intercepted from processing pipeline 222. In other examples, the I/O filter of job request engine 212 may be placed in any other location in the filter pipeline of the imaging device, thus allowing certain job requests to be processed without authorization, for example. In such examples, any job requests processed by a prior filter may be exempted from entering job request engine 212. The system 200 and the imaging device 220 may be separate devices or integrated together as part of one device. In an example, the computing device may be an imaging device. In another example, the computing device may be a desktop computer or a laptop computer.
In some examples, determination engine 214 may determine whether job request 205 is authentic and authorized. For example, determination engine 214 may determine whether job request 205 is authentic and authorized based on the digital signature of job request 205, as described above with respect to FIG. 1. If job request 205 is determined to be authentic and authorized, determination engine 214 may provide job request 205 to processing pipeline 222 of image forming device 220.
If the determination engine 214 determines that the job request 205 is not authorized or authentic, the cancellation engine 216 may generate the cancellation request 207. The cancellation request 207 may be any cancellation request as described above with respect to fig. 1. In an example, the cancellation engine 216 may provide the cancellation request 207 to the processing pipeline 222 of the imaging device 220. In an example, the processing pipeline 222 may process the cancellation request 207 and provide a cancellation reason to the status module 224 according to the instructions in the cancellation request 207. The status module 224 may be a display of the imaging device 220 to display the reason for the cancellation. In such examples, the cancel request 207 may also be logged or stored in the imaging device. In another example, the cancellation engine 216 may provide the job request 205 to the second device 230 according to instructions in the cancellation request 207. In some examples, second device 230 may be a device to analyze job request 205 for a violation of a data processing policy and may alert the security manager of the violation of the data processing policy. In yet another example, the cancellation engine 216 may provide the cancellation request 207 directly to a status module of the device according to the cancellation request 207. In such examples, the cancel request 207 may include instructions to display a reason for the cancellation on the status block 224.
Fig. 3 is a flow diagram of an example method 300 for providing a cancel request. Although execution of method 300 is described below with reference to system 200 described above, other suitable systems (computing device 100) for executing method 300 may be utilized. Additionally, implementation of method 300 is not limited to such examples.
At 302 of method 300, system 200 may obtain job request 205. Job request 205 may be any job request described above with respect to fig. 1 and 2. In the example of fig. 3, the job request may be a print request.
At 304, the system 200 may intercept the job request 205 from the processing pipeline 222 of the image forming device 220, as described above with respect to fig. 1 and 2.
At 306, determination engine 214 of system 200 may determine whether job request 205 is authorized by determining whether the digital signature of job request 205 is provided by an authorized device. In the example of fig. 3, the authorized device may be an authorization server. As described above, when the job request 205 is determined to satisfy the data processing policy, a digital signature of the job request 205 may be provided by an authorized device.
At 308, the determination engine 214 of the system 200 may determine whether the job request 205 is authentic by verifying the digital signature of the job request 205. In some examples, the digital signature of job request 205 may be verified according to a signature verification algorithm, such as an RSA-PSS algorithm, a Digital Signature Algorithm (DSA), an Elliptic Curve Digital Signature Algorithm (ECDSA), an ElGamal signature algorithm, a Schnorr signature algorithm, a Pointcheval-Stern signature algorithm, a Rabin signature algorithm, and so forth. In other examples, a trusted public certificate of the authorization device may be used by determination engine 214 to determine whether job request 205 is authentic.
At 310, in response to determining that job request 205 is authentic and authorized, determination engine 214 may provide job request 205 to processing pipeline 222 of image forming device 220.
At 312, in response to determining that job request 205 is not authorized or authentic, cancellation engine 216 may generate cancellation request 207.
At 314, in response to generating the cancel request 207, the cancel engine 216 may provide the cancel request 207 to the processing pipeline 222 of the image forming device 220 and the job request 205 to the computing device.
Although the flow chart of fig. 3 shows a particular order of execution of certain functions, the method 300 is not limited to this order. For example, functions illustrated in succession in the flowchart may be executed in a different order, concurrently or with partial concurrence, or combinations thereof. In certain examples, the functionality described herein with respect to fig. 3 may be provided in combination with the functionality described herein with respect to any of fig. 1-2.
Claims (12)
1. A non-transitory machine-readable storage medium comprising instructions executable by a processing resource to:
obtaining, in a first processing device, a first request from a first computing device;
intercepting a first request from a processing pipeline of a first processing device;
determining whether the first request is authentic and authorized;
generating a cancellation request if the first request is not authentic or authorized; and
providing the cancellation request to a processing pipeline of the first processing device;
wherein the first request is authorized by determining that a digital signature of the first request is provided by an authorized device;
wherein the instructions to determine whether the first request is authentic and authorized further comprise instructions to provide the first request to the processing pipeline if the first request is authentic and authorized; and
the instructions to generate the cancellation request further include instructions to provide the first request to the second computing device in response to generation of the cancellation request;
wherein the cancellation request includes identification information of the first request and information to indicate that the first request was cancelled, such that the second computing device analyzes the first request for a violation of a data processing policy and alerts the security manager of the violation of the data processing policy.
2. The storage medium of claim 1, wherein the cancellation request includes at least one of a wrapper of the first request and a command to instruct the first processing device to display a cancellation reason, print the cancellation reason, or provide the cancellation reason to the second computing device.
3. The storage medium of claim 1, wherein the cancellation request includes a command to instruct the first processing device to cancel the first request.
4. The storage medium of claim 1, wherein determining whether the first request is authentic and authorized comprises verifying a digital signature of the first request.
5. A system, comprising:
a job request engine to receive a job request from a first computing device and intercept the job request from a processing pipeline of an image forming device;
a determination engine to determine whether the job request is authorized and authentic and to provide the job request to a processing pipeline of the image forming apparatus when the job request is determined to be authorized and authentic; and
a cancellation engine to generate a cancellation request when the job request is not authorized or authentic, provide the cancellation request to a processing pipeline of the image forming device based on content of the cancellation request, and provide the job request to the second computing device in response to generation of the cancellation request;
wherein the determination engine determines that the job request is authorized when it is determined that the digital signature of the job request is provided by the authorized device;
wherein the cancellation request includes identification information of the job request and information indicating that the job request was cancelled, such that the second computing device analyzes the job request for a violation of a data processing policy and alerts the security manager of the violation of the data processing policy.
6. The system of claim 5, wherein the determination engine determines that the job request is authentic in response to verification of the digital signature of the job request.
7. The system of claim 5, wherein the cancellation request comprises at least one of a command to display a cancellation reason on a display of the imaging device, print the cancellation reason, or provide the cancellation reason to the second computing device.
8. The system of claim 7, wherein the cancellation engine provides the cancellation request directly to the status block of the imaging device when the cancellation request includes a command to display a reason for cancellation on the status block of the imaging device.
9. The system of claim 5, wherein the cancel request comprises a command to instruct the image forming apparatus to cancel the job request.
10. The system of claim 5, wherein the job request engine removes the job request from the processing pipeline of the imaging device by capturing the job request before the job request enters the processing pipeline of the imaging device.
11. A method, comprising:
acquiring a job request from a first computing device in an image forming device;
intercepting a job request from a processing pipeline of an image forming apparatus;
determining that the job request is authorized by determining whether a digital signature of the job request is provided by an authorized device;
determining that the job request is authentic by verifying a digital signature of the job request;
providing the job request to a processing pipeline of the image forming apparatus in response to determining that the job request is authentic and authorized;
in response to determining that the job request is not authorized or authentic, generating a cancellation request; and
in response to generating the cancel request, providing the cancel request to a processing pipeline of the image forming device and providing the job request to the second computing device,
wherein the cancellation request includes identification information of the job request and information to indicate that the job request was cancelled, such that the second computing device analyzes the job request for a violation of the data processing policy and alerts the security manager of the violation of the data processing policy.
12. The method of claim 11, wherein the cancellation request comprises at least one of a wrapper of the job request and a command to instruct the imaging device to cancel the job request, display a cancellation reason on a display of the imaging device, print the cancellation reason, or provide the cancellation reason to the second computing device.
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| PCT/US2014/058177 WO2016053267A1 (en) | 2014-09-30 | 2014-09-30 | Cancellation requests |
Publications (2)
| Publication Number | Publication Date |
|---|---|
| CN106462700A CN106462700A (en) | 2017-02-22 |
| CN106462700B true CN106462700B (en) | 2020-12-04 |
Family
ID=55631123
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN201480078315.6A Active CN106462700B (en) | 2014-09-30 | 2014-09-30 | Canceling request |
Country Status (4)
| Country | Link |
|---|---|
| US (1) | US10210339B2 (en) |
| EP (1) | EP3201813B1 (en) |
| CN (1) | CN106462700B (en) |
| WO (1) | WO2016053267A1 (en) |
Families Citing this family (4)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| US9967102B2 (en) * | 2015-12-18 | 2018-05-08 | International Business Machines Corporation | Managing transfer of device ownership |
| JP2018151854A (en) * | 2017-03-13 | 2018-09-27 | 富士ゼロックス株式会社 | Document processing device and program |
| US10877673B2 (en) * | 2017-12-15 | 2020-12-29 | Microchip Technology Incorporated | Transparently attached flash memory security |
| US11425566B2 (en) * | 2019-07-25 | 2022-08-23 | Jpmorgan Chase Bank, N.A. | Method and system for providing location-aware multi-factor mobile authentication |
Citations (3)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| EP1879126A2 (en) * | 2006-07-14 | 2008-01-16 | Canon Kabushiki Kaisha | Information processing apparatus, information processing method, peripheral apparatus, and authority control system |
| CN101247222A (en) * | 2007-02-15 | 2008-08-20 | 村田机械株式会社 | Print management device and print management method |
| CN103003788A (en) * | 2010-07-15 | 2013-03-27 | 惠普发展公司,有限责任合伙企业 | Processing print request |
Family Cites Families (22)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| US6683696B1 (en) | 1998-10-27 | 2004-01-27 | Hewlett-Packard Development Company, L.P. | Filter based data imaging method for an image forming device |
| US7003667B1 (en) | 1999-10-04 | 2006-02-21 | Canon Kabushiki Kaisha | Targeted secure printing |
| AU780201B2 (en) | 2000-10-11 | 2005-03-10 | Trustcopy Pte Ltd. | Remote printing of secure and/or authenticated documents |
| US20030014640A1 (en) | 2001-07-13 | 2003-01-16 | Loyd Travis W. | Printer regulation through verification of a user |
| US7284277B2 (en) * | 2002-07-15 | 2007-10-16 | Hewlett-Packard Development Company, L.P. | Secured printing |
| US7319535B2 (en) * | 2002-12-17 | 2008-01-15 | Hewlett-Packard Development Company, | Authentication system and method for imaging system |
| US8373875B2 (en) * | 2004-06-17 | 2013-02-12 | Sharp Laboratories Of America, Inc. | Adaptive universal symbol driver interface |
| JP4974642B2 (en) * | 2005-12-01 | 2012-07-11 | キヤノン株式会社 | Printing system |
| JP2007323186A (en) | 2006-05-30 | 2007-12-13 | Canon Inc | Apparatus for creating print control data, print management device, and printer |
| US20080030769A1 (en) * | 2006-08-03 | 2008-02-07 | Nobutaka Hanaoka | Host printing system, apparatus and method |
| CN101127625B (en) * | 2006-08-18 | 2013-11-06 | 华为技术有限公司 | A system and method for authorizing access request |
| CN101140504A (en) | 2006-09-05 | 2008-03-12 | 鸿富锦精密工业(深圳)有限公司 | Print job monitoring system and method |
| JP2008149592A (en) * | 2006-12-19 | 2008-07-03 | Konica Minolta Business Technologies Inc | Image formation device, printing method and control program |
| WO2008086383A1 (en) | 2007-01-09 | 2008-07-17 | Pharos Systems Interational, Inc. | Document processing system providing job attribute control and override features and related methods |
| US8446607B2 (en) * | 2007-10-01 | 2013-05-21 | Mcafee, Inc. | Method and system for policy based monitoring and blocking of printing activities on local and network printers |
| JP2009290560A (en) * | 2008-05-29 | 2009-12-10 | Ricoh Co Ltd | Image forming apparatus, print processing method, program, and recording medium |
| JP5193962B2 (en) * | 2008-07-29 | 2013-05-08 | 京セラドキュメントソリューションズ株式会社 | Print control apparatus, print system, and print control method |
| JP2010201881A (en) * | 2009-03-05 | 2010-09-16 | Canon Inc | Image forming apparatus and image forming method |
| US8627114B2 (en) | 2010-08-02 | 2014-01-07 | Cleversafe, Inc. | Authenticating a data access request to a dispersed storage network |
| JP2013054304A (en) * | 2011-09-06 | 2013-03-21 | Canon Inc | Image forming apparatus management system, management device, image forming apparatus management method and program |
| JP6245806B2 (en) * | 2013-01-08 | 2017-12-13 | キヤノン株式会社 | Information processing apparatus and control method thereof, |
| US10210341B2 (en) | 2013-02-12 | 2019-02-19 | Amazon Technologies, Inc. | Delayed data access |
-
2014
- 2014-09-30 WO PCT/US2014/058177 patent/WO2016053267A1/en active Application Filing
- 2014-09-30 CN CN201480078315.6A patent/CN106462700B/en active Active
- 2014-09-30 EP EP14902935.7A patent/EP3201813B1/en active Active
- 2014-09-30 US US15/307,288 patent/US10210339B2/en active Active
Patent Citations (3)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| EP1879126A2 (en) * | 2006-07-14 | 2008-01-16 | Canon Kabushiki Kaisha | Information processing apparatus, information processing method, peripheral apparatus, and authority control system |
| CN101247222A (en) * | 2007-02-15 | 2008-08-20 | 村田机械株式会社 | Print management device and print management method |
| CN103003788A (en) * | 2010-07-15 | 2013-03-27 | 惠普发展公司,有限责任合伙企业 | Processing print request |
Also Published As
| Publication number | Publication date |
|---|---|
| EP3201813A1 (en) | 2017-08-09 |
| US20170046525A1 (en) | 2017-02-16 |
| WO2016053267A1 (en) | 2016-04-07 |
| US10210339B2 (en) | 2019-02-19 |
| EP3201813B1 (en) | 2019-12-18 |
| CN106462700A (en) | 2017-02-22 |
| EP3201813A4 (en) | 2018-05-23 |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| US8341734B1 (en) | Method and system to audit physical copy data leakage | |
| US20070283157A1 (en) | System and method for enabling secure communications from a shared multifunction peripheral device | |
| US8732848B2 (en) | File-distribution apparatus and recording medium having file-distribution authorization program recorded therein | |
| US20070283170A1 (en) | System and method for secure inter-process data communication | |
| CN107426173B (en) | File protection method and device | |
| US10949146B2 (en) | Document operation compliance | |
| JP2012003679A (en) | Method for ensuring security of additional application for image forming apparatus, image forming system, and image forming apparatus | |
| CN106462700B (en) | Canceling request | |
| FR2836247A1 (en) | Print management system for production of printed documents with owner's rights management has printer that receives protected document file and in response to authorisation signal for printing at least one printed document | |
| US9665727B2 (en) | Information processing system, method of processing information, program, and recording medium | |
| CN110471632B (en) | File printing and viewing method and device, electronic equipment and readable storage medium | |
| US10289828B2 (en) | Image forming apparatus, image forming system, method for controlling image forming system, and storage medium | |
| US20210303236A1 (en) | Document security and integrity verification based on blockchain in image forming device | |
| JP2008177825A (en) | Image processor, image processing method and image processing program | |
| CN108646988B (en) | Document printing method and system | |
| US20210099612A1 (en) | Method and system for secure scan and copy | |
| US9013735B2 (en) | Image forming system and image forming method providing controls of settings of image position and restriction | |
| JP2007249575A (en) | Information processor, computer-readable portable storage medium, information processing method, information processing program and information processing system | |
| US8508782B2 (en) | Method of securing printers against malicious software | |
| JP2007042100A (en) | Method and system for charging | |
| US20160021271A1 (en) | Image forming apparatus which generates images of web pages | |
| US11856172B2 (en) | Method and apparatus to generate encrypted codes associated with a document | |
| US10271206B2 (en) | Methods and systems for securely routing documents through third party infrastructures | |
| US20230305770A1 (en) | Image processing apparatus, image processing system, non-transitory computer readable medium storing image processing program, and image processing method | |
| JP2008112309A (en) | Originality management system, originality management device, image forming device and originality management program |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| C06 | Publication | ||
| PB01 | Publication | ||
| C10 | Entry into substantive examination | ||
| SE01 | Entry into force of request for substantive examination | ||
| GR01 | Patent grant | ||
| GR01 | Patent grant |